[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-172-g5e66a4f

by Jussi Kivilinna <cvs <at> cvs.gnupg.org>
2015-02-28 17:25:58 GMT

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 5e66a4f8d5a63f58caeee367433dd8dd32346083 (commit)
from 505decf5369970219ddc9e78a20f97c623957b78 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5e66a4f8d5a63f58caeee367433dd8dd32346083
Author: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
Date: Sat Feb 28 18:04:34 2015 +0200
Fix in-place encryption for OCB mode
* cipher/cipher-ocb.c (ocb_checksum): New.
(ocb_crypt): Move checksum calculation outside main crypt loop, do
checksum calculation for encryption before inbuf is overwritten.
* tests/basic.c (check_ocb_cipher): Rename to ...
(do_check_ocb_cipher): ... to this and add argument for testing
in-place encryption/decryption.
(check_ocb_cipher): New.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
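
The ordering problem this commit fixes, as an added example that is not libgcrypt's code: a constructed block-cipher stand-in and a three-block buffer show why the OCB checksum has to be taken before an aliased inbuf/outbuf is overwritten. The names toy_block_crypt, enc_checksum_after, enc_checksum_before and inplace_checksum_consistent are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 16
#define NBLKS 3 /* odd, so a constant-XOR stand-in cannot hide the bug */
typedef void (*enc_fn)(uint8_t *, const uint8_t *, size_t, uint8_t *);

/* Block-cipher stand-in, constructed for this example (not OCB, not a real
   cipher): XOR with a fixed key byte is enough to show the aliasing problem. */
static void toy_block_crypt(uint8_t *out, const uint8_t *in)
{
    for (size_t i = 0; i < BLK; i++) out[i] = in[i] ^ 0x5a;
}

/* OCB's checksum is the XOR of all plaintext blocks (cf. ocb_checksum()). */
static void ocb_checksum(uint8_t *chk, const uint8_t *buf, size_t nblks)
{
    memset(chk, 0, BLK);
    for (size_t b = 0; b < nblks; b++)
        for (size_t i = 0; i < BLK; i++) chk[i] ^= buf[b * BLK + i];
}

/* Pre-fix ordering: encrypt, then checksum inbuf. In place, inbuf already
   holds ciphertext by then, so the checksum (and the tag) is wrong. */
static void enc_checksum_after(uint8_t *out, const uint8_t *in, size_t n, uint8_t *chk)
{
    for (size_t b = 0; b < n; b++) toy_block_crypt(out + b * BLK, in + b * BLK);
    ocb_checksum(chk, in, n);
}

/* Fixed ordering: checksum the plaintext before the crypt loop can
   overwrite it. */
static void enc_checksum_before(uint8_t *out, const uint8_t *in, size_t n, uint8_t *chk)
{
    ocb_checksum(chk, in, n);
    for (size_t b = 0; b < n; b++) toy_block_crypt(out + b * BLK, in + b * BLK);
}

/* 1 if in-place (inbuf == outbuf) and out-of-place encryption agree on the
   checksum under the chosen ordering, 0 if they diverge. */
int inplace_checksum_consistent(int fixed)
{
    enc_fn enc = fixed ? enc_checksum_before : enc_checksum_after;
    uint8_t pt[NBLKS * BLK], buf[NBLKS * BLK], ct[NBLKS * BLK], c1[BLK], c2[BLK];
    for (size_t i = 0; i < sizeof pt; i++) pt[i] = (uint8_t)i; /* constructed */
    memcpy(buf, pt, sizeof pt);
    enc(ct, pt, NBLKS, c1);   /* separate buffers: checksum sees plaintext */
    enc(buf, buf, NBLKS, c2); /* in place: inbuf is overwritten block by block */
    return memcmp(c1, c2, BLK) == 0;
}
```

The same divergence shows up in the authentication tag, since OCB derives it from this checksum, which is why the regression test in tests/basic.c now runs both in-place and out-of-place.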

Libgcrypt 1.6.3 released (with SCA fix)

Werner Koch <wk <at> gnupg.org>
2015-02-27 20:39:05 GMT

Hello!
The GNU project is pleased to announce the availability of Libgcrypt
version 1.6.3. This is a security fix release to mitigate two new side
channel attacks.
Libgcrypt is a general purpose library of cryptographic building blocks.
It does not provide any implementation of OpenPGP or other protocols.
Thorough understanding of applied cryptography is required for proper
use of Libgcrypt.
Noteworthy changes in version 1.6.3
===================================
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
* Improved asm support for older toolchains.
Download
========
Source code is hosted at the GnuPG FTP server and its mirrors as listed
at http://www.gnupg.org/download/mirrors.html . On the primary server
the source tarball and its digital signature are:

mpi_powm changes and t-sexp.c change of mine

NIIBE Yutaka <gniibe <at> fsij.org>
2015-02-27 08:29:49 GMT

Hello,
I pushed three changes to master. Two are forward ports from the 1.6
branch, and the last one is one I found by running a test program
with valgrind.
commit 505decf5369970219ddc9e78a20f97c623957b78
Author: NIIBE Yutaka <gniibe <at> fsij.org>
Date: Fri Feb 27 17:24:49 2015 +0900
tests: fix t-sexp.c.
* tests/t-sexp.c (bug_1594): Free N and PUBKEY.
commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82
Author: NIIBE Yutaka <gniibe <at> fsij.org>
Date: Thu Feb 26 21:07:01 2015 +0900
mpi: Avoid data-dependent timing variations in mpi_powm.
* mpi/mpi-pow.c (mpi_powm): Access all data in the table by
mpi_set_cond.
--
Access to the precomputed table was indexed by a portion of EXPO,
which could be mounted by a side channel attack. This change fixes
this particular data-dependent access pattern.
Cherry-picked from commit 5e72b6c76ebee720f69b8a5c212f52d38eb50287
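
The table-access change in the mpi_powm commit, as an added illustration in C that is not libgcrypt's code: a toy precomputed table is read either by direct indexing or by scanning every entry with a branch-free conditional copy standing in for mpi_set_cond. The names set_cond, ct_eq, select_indexed, select_cond and selections_agree are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define LIMBS 4        /* toy entry width; real entries are multi-limb MPIs */
#define WINDOW 4       /* bits of EXPO consumed per step of a windowed powm */
#define TABLE_SIZE (1u << WINDOW)
typedef struct { uint64_t limb[LIMBS]; } entry_t;

/* Copy src into dst if flag == 1, leave dst alone if flag == 0, with no branch
   on flag. Plays the role mpi_set_cond plays in the commit; not its code. */
static void set_cond(entry_t *dst, const entry_t *src, uint64_t flag)
{
    uint64_t mask = (uint64_t)0 - flag; /* 0 -> 0x00..0, 1 -> 0xff..f */
    for (size_t i = 0; i < LIMBS; i++)
        dst->limb[i] = (src->limb[i] & mask) | (dst->limb[i] & ~mask);
}

/* 1 if a == b else 0, computed without a data-dependent branch. */
static uint64_t ct_eq(uint64_t a, uint64_t b)
{
    uint64_t x = a ^ b;
    return 1 ^ ((x | (0 - x)) >> 63);
}

/* Pre-fix pattern: one load whose address is derived from secret exponent
   bits; which cache line is touched reveals idx to a cache-timing observer. */
static void select_indexed(entry_t *out, const entry_t *tbl, unsigned idx) { *out = tbl[idx]; }

/* Fixed pattern: read every entry in the same order every time and keep only
   the wanted one, so the memory access sequence does not depend on idx. */
static void select_cond(entry_t *out, const entry_t *tbl, unsigned idx)
{
    memset(out, 0, sizeof *out);
    for (unsigned k = 0; k < TABLE_SIZE; k++)
        set_cond(out, &tbl[k], ct_eq(k, idx));
}

/* 1 if both selections return the same entry for every window value. */
int selections_agree(void)
{
    entry_t tbl[TABLE_SIZE], a, b;
    for (unsigned k = 0; k < TABLE_SIZE; k++) /* constructed table contents */
        for (size_t i = 0; i < LIMBS; i++)
            tbl[k].limb[i] = 0x9e3779b97f4a7c15ull * (k + 1) + i;
    for (unsigned idx = 0; idx < TABLE_SIZE; idx++) {
        select_indexed(&a, tbl, idx);
        select_cond(&b, tbl, idx);
        if (memcmp(&a, &b, sizeof a) != 0) return 0;
    }
    return 1;
}
```

Whether a compiler keeps the masked selects branch-free has to be confirmed in the generated assembly, since an optimiser may turn the mask back into a conditional jump.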

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-170-g6636c4f

by NIIBE Yutaka <cvs <at> cvs.gnupg.org>
2015-02-27 05:18:03 GMT

The branch, master has been updated
via 6636c4fd0c6ceab9f79827bf96967d1e112c0b82 (commit)
via 1fa8cdb933505960d4e4b4842b122d4e06953e88 (commit)
from 410d70bad9a650e3837055e36f157894ae49a57d (commit)
- Log -----------------------------------------------------------------
commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82
Author: NIIBE Yutaka <gniibe <at> fsij.org>
Date: Thu Feb 26 21:07:01 2015 +0900
mpi: Avoid data-dependent timing variations in mpi_powm.
* mpi/mpi-pow.c (mpi_powm): Access all data in the table by
mpi_set_cond.
--
Access to the precomputed table was indexed by a portion of EXPO,
which could be mounted by a side channel attack. This change fixes
this particular data-dependent access pattern.
Cherry-picked from commit 5e72b6c76ebee720f69b8a5c212f52d38eb50287

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-168-g410d70b

by Werner Koch <cvs <at> cvs.gnupg.org>
2015-02-23 10:42:07 GMT

The branch, master has been updated
via 410d70bad9a650e3837055e36f157894ae49a57d (commit)
from 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288 (commit)
- Log -----------------------------------------------------------------
commit 410d70bad9a650e3837055e36f157894ae49a57d
Author: Werner Koch <wk <at> gnupg.org>
Date: Mon Feb 23 11:39:58 2015 +0100
cipher: Use ciphertext blinding for Elgamal decryption.
* cipher/elgamal.c (USE_BLINDING): New.
(decrypt): Rewrite to use ciphertext blinding.
--
CVE-id: CVE-2014-3591
As a countermeasure to a new side-channel attacks on sliding windows
exponentiation we blind the ciphertext for Elgamal decryption. This
is similar to what we are doing with RSA. This patch is a backport of
the GnuPG 1.4 commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b.
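
Elgamal ciphertext blinding as an added, toy-sized illustration in C (not the code in cipher/elgamal.c, whose exact steps are not on this page): the textbook form m = b * ((a*r)^x)^-1 * r^x is assumed, with parameters P, G, X and the names mulm, powm, invm, elg_encrypt, decrypt_plain, decrypt_blinded and blinding_preserves_plaintext all constructed for this example.

```c
#include <stdint.h>
/* Toy parameters, constructed for this example and far too small to be
   secure: prime P < 2^32 so products fit in uint64_t, base G, secret
   exponent X. Real Elgamal uses multi-precision values (libgcrypt MPIs). */
#define P 1000000007ull
#define G 5ull
#define X 123456789ull
/* Inputs are reduced mod P, so a*b < 2^60 cannot overflow. */
static uint64_t mulm(uint64_t a, uint64_t b) { return a * b % P; }
/* Square-and-multiply. In a sliding-window powm this secret-exponent loop is
   where the cache and EM side channels of the cited attacks are observed. */
static uint64_t powm(uint64_t base, uint64_t e)
{
    uint64_t r = 1;
    for (base %= P; e; e >>= 1) {
        if (e & 1) r = mulm(r, base);
        base = mulm(base, base);
    }
    return r;
}
static uint64_t invm(uint64_t a) { return powm(a, P - 2); } /* Fermat; P is prime */

/* Encrypt m with ephemeral k: a = G^k, b = m * y^k where y = G^X. */
static void elg_encrypt(uint64_t m, uint64_t k, uint64_t *a, uint64_t *b)
{
    *a = powm(G, k);
    *b = mulm(m % P, powm(powm(G, X), k));
}

/* Unblinded decryption m = b * (a^X)^-1: the secret-exponent power runs
   directly on a, a value chosen by whoever produced the ciphertext. */
static uint64_t decrypt_plain(uint64_t a, uint64_t b) { return mulm(b, invm(powm(a, X))); }

/* Blinded decryption, textbook form assumed here (not a claim about the exact
   steps in cipher/elgamal.c): a' = a*r for a fresh random r (nonzero mod P),
   m = b * (a'^X)^-1 * r^X, so the value raised to X is not attacker chosen.
   r would come from a CSPRNG; it is an argument here for reproducibility. */
static uint64_t decrypt_blinded(uint64_t a, uint64_t b, uint64_t r)
{
    uint64_t a_blind = mulm(a, r % P);
    return mulm(mulm(b, invm(powm(a_blind, X))), powm(r, X));
}

/* 1 if both plain and blinded decryption recover m. */
int blinding_preserves_plaintext(uint64_t m, uint64_t k, uint64_t r)
{
    uint64_t a, b;
    elg_encrypt(m, k, &a, &b);
    return decrypt_plain(a, b) == m % P && decrypt_blinded(a, b, r) == m % P;
}
```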

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-166-g40a7bdf

by Werner Koch <cvs <at> cvs.gnupg.org>
2015-01-30 16:27:07 GMT

The branch, master has been updated
via 40a7bdf50e19faaf106470897fed72af623adc50 (commit)
from 2564d204e408b296425ac0660c6bdc6270575fb6 (commit)
- Log -----------------------------------------------------------------
commit 40a7bdf50e19faaf106470897fed72af623adc50
Author: Werner Koch <wk <at> gnupg.org>
Date: Fri Jan 30 16:58:02 2015 +0100
w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll.
* src/Makefile.am (extra_ltoptions): New.
(libgcrypt_la_LDFLAGS): Use it.
--
Since gcc 4.8 there is a regression in that plain C programs may link
to libgcc_s.a which has a dependency on libgcc_s_sjlj.dll. This is
for example triggered by using long long arithmetic on a 32 bit
Windows (e.g. symbol __udivdi3).
As usual the gcc maintainers don't care about backward compatibility
and declare that as some kind of compatibility fix and not as